[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#46771] [PATCH] gnu: Python 3.9: Update to 3.9.2.
|
From: |
Leo Famulari |
|
Subject: |
[bug#46771] [PATCH] gnu: Python 3.9: Update to 3.9.2. |
|
Date: |
Thu, 25 Feb 2021 14:44:12 -0500 |
On Thu, Feb 25, 2021 at 09:40:09AM -0500, Greg Hogan wrote:
> From 7388fdcc629074e80ad88714a22f5eb5e8e5fd35 Mon Sep 17 00:00:00 2001
> From: Greg Hogan <code@greghogan.com>
> Date: Wed, 24 Feb 2021 14:12:28 +0000
> Subject: [PATCH] gnu: Python 3.9: Update to 3.9.2.
>
> * gnu/packages/python.scm (python-3.9): Update to 3.9.2.
> * gnu/packages/patches/python-3.9-CVE-2021-3177.patch: Delete file.
> * gnu/local.mk (dist_patch_DATA): Remove it.
Thank you! This kind of maintenance / follow-up work is super valuable.
Pushed as 10b909a0249fd53d589890b357232db4165690f5
> ---
> gnu/local.mk | 1 -
> .../patches/python-3.9-CVE-2021-3177.patch | 194 ------------------
> gnu/packages/python.scm | 6 +-
> 3 files changed, 3 insertions(+), 198 deletions(-)
> delete mode 100644 gnu/packages/patches/python-3.9-CVE-2021-3177.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 8d46cda639..8d1465158a 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -1526,7 +1526,6 @@ dist_patch_DATA = \
> %D%/packages/patches/python-3.8-fix-tests.patch \
> %D%/packages/patches/python-3.8-CVE-2021-3177.patch \
> %D%/packages/patches/python-3.9-fix-tests.patch \
> - %D%/packages/patches/python-3.9-CVE-2021-3177.patch \
> %D%/packages/patches/python-CVE-2018-14647.patch \
> %D%/packages/patches/python-CVE-2020-26116.patch \
> %D%/packages/patches/python-aionotify-0.2.0-py3.8.patch \
> diff --git a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
> b/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
> deleted file mode 100644
> index 155f17deca..0000000000
> --- a/gnu/packages/patches/python-3.9-CVE-2021-3177.patch
> +++ /dev/null
> @@ -1,194 +0,0 @@
> -Fix CVE-2021-3177 for Python 3.9:
> -
> -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177
> -
> -Patch copied from upstream source repository:
> -
> -
> https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932
> -
> -From c347cbe694743cee120457aa6626712f7799a932 Mon Sep 17 00:00:00 2001
> -From: "Miss Islington (bot)"
> - <31488909+miss-islington@users.noreply.github.com>
> -Date: Mon, 18 Jan 2021 13:29:31 -0800
> -Subject: [PATCH] closes bpo-42938: Replace snprintf with Python unicode
> - formatting in ctypes param reprs. (GH-24247)
> -
> -(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7)
> -
> -Co-authored-by: Benjamin Peterson <benjamin@python.org>
> -
> -Co-authored-by: Benjamin Peterson <benjamin@python.org>
> ----
> - Lib/ctypes/test/test_parameters.py | 43 ++++++++++++++++
> - .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 +
> - Modules/_ctypes/callproc.c | 51 +++++++------------
> - 3 files changed, 64 insertions(+), 32 deletions(-)
> - create mode 100644
> Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
> -
> -diff --git a/Lib/ctypes/test/test_parameters.py
> b/Lib/ctypes/test/test_parameters.py
> -index e4c25fd880cef..531894fdec838 100644
> ---- a/Lib/ctypes/test/test_parameters.py
> -+++ b/Lib/ctypes/test/test_parameters.py
> -@@ -201,6 +201,49 @@ def __dict__(self):
> - with self.assertRaises(ZeroDivisionError):
> - WorseStruct().__setstate__({}, b'foo')
> -
> -+ def test_parameter_repr(self):
> -+ from ctypes import (
> -+ c_bool,
> -+ c_char,
> -+ c_wchar,
> -+ c_byte,
> -+ c_ubyte,
> -+ c_short,
> -+ c_ushort,
> -+ c_int,
> -+ c_uint,
> -+ c_long,
> -+ c_ulong,
> -+ c_longlong,
> -+ c_ulonglong,
> -+ c_float,
> -+ c_double,
> -+ c_longdouble,
> -+ c_char_p,
> -+ c_wchar_p,
> -+ c_void_p,
> -+ )
> -+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?'
> at 0x[A-Fa-f0-9]+>$")
> -+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c'
> ('a')>")
> -+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at
> 0x[A-Fa-f0-9]+>$")
> -+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>")
> -+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B'
> (98)>")
> -+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h'
> (511)>")
> -+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H'
> (511)>")
> -+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]'
> \(20000\)>$")
> -+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam
> '[LI]' \(20000\)>$")
> -+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam
> '[li]' \(20000\)>$")
> -+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam
> '[LI]' \(20000\)>$")
> -+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam
> '[liq]' \(20000\)>$")
> -+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam
> '[LIQ]' \(20000\)>$")
> -+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f'
> (1.5)>")
> -+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd'
> (1.5)>")
> -+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd'
> (1e+300)>")
> -+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam
> ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$")
> -+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam
> 'z' \(0x[A-Fa-f0-9]+\)>$")
> -+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam
> 'Z' \(0x[A-Fa-f0-9]+\)>$")
> -+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P'
> \(0x0*12\)>$")
> -+
> - ################################################################
> -
> - if __name__ == '__main__':
> -diff --git
> a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
> b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
> -new file mode 100644
> -index 0000000000000..7df65a156feab
> ---- /dev/null
> -+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst
> -@@ -0,0 +1,2 @@
> -+Avoid static buffers when computing the repr of :class:`ctypes.c_double`
> and
> -+:class:`ctypes.c_longdouble` values.
> -diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
> -index b0a36a30248f7..f2506de54498e 100644
> ---- a/Modules/_ctypes/callproc.c
> -+++ b/Modules/_ctypes/callproc.c
> -@@ -489,58 +489,47 @@ is_literal_char(unsigned char c)
> - static PyObject *
> - PyCArg_repr(PyCArgObject *self)
> - {
> -- char buffer[256];
> - switch(self->tag) {
> - case 'b':
> - case 'B':
> -- sprintf(buffer, "<cparam '%c' (%d)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
> - self->tag, self->value.b);
> -- break;
> - case 'h':
> - case 'H':
> -- sprintf(buffer, "<cparam '%c' (%d)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
> - self->tag, self->value.h);
> -- break;
> - case 'i':
> - case 'I':
> -- sprintf(buffer, "<cparam '%c' (%d)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>",
> - self->tag, self->value.i);
> -- break;
> - case 'l':
> - case 'L':
> -- sprintf(buffer, "<cparam '%c' (%ld)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>",
> - self->tag, self->value.l);
> -- break;
> -
> - case 'q':
> - case 'Q':
> -- sprintf(buffer,
> --#ifdef MS_WIN32
> -- "<cparam '%c' (%I64d)>",
> --#else
> -- "<cparam '%c' (%lld)>",
> --#endif
> -+ return PyUnicode_FromFormat("<cparam '%c' (%lld)>",
> - self->tag, self->value.q);
> -- break;
> - case 'd':
> -- sprintf(buffer, "<cparam '%c' (%f)>",
> -- self->tag, self->value.d);
> -- break;
> -- case 'f':
> -- sprintf(buffer, "<cparam '%c' (%f)>",
> -- self->tag, self->value.f);
> -- break;
> --
> -+ case 'f': {
> -+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ?
> self->value.f : self->value.d);
> -+ if (f == NULL) {
> -+ return NULL;
> -+ }
> -+ PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>",
> self->tag, f);
> -+ Py_DECREF(f);
> -+ return result;
> -+ }
> - case 'c':
> - if (is_literal_char((unsigned char)self->value.c)) {
> -- sprintf(buffer, "<cparam '%c' ('%c')>",
> -+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>",
> - self->tag, self->value.c);
> - }
> - else {
> -- sprintf(buffer, "<cparam '%c' ('\\x%02x')>",
> -+ return PyUnicode_FromFormat("<cparam '%c' ('\\x%02x')>",
> - self->tag, (unsigned char)self->value.c);
> - }
> -- break;
> -
> - /* Hm, are these 'z' and 'Z' codes useful at all?
> - Shouldn't they be replaced by the functionality of c_string
> -@@ -549,22 +538,20 @@ PyCArg_repr(PyCArgObject *self)
> - case 'z':
> - case 'Z':
> - case 'P':
> -- sprintf(buffer, "<cparam '%c' (%p)>",
> -+ return PyUnicode_FromFormat("<cparam '%c' (%p)>",
> - self->tag, self->value.p);
> - break;
> -
> - default:
> - if (is_literal_char((unsigned char)self->tag)) {
> -- sprintf(buffer, "<cparam '%c' at %p>",
> -+ return PyUnicode_FromFormat("<cparam '%c' at %p>",
> - (unsigned char)self->tag, (void *)self);
> - }
> - else {
> -- sprintf(buffer, "<cparam 0x%02x at %p>",
> -+ return PyUnicode_FromFormat("<cparam 0x%02x at %p>",
> - (unsigned char)self->tag, (void *)self);
> - }
> -- break;
> - }
> -- return PyUnicode_FromString(buffer);
> - }
> -
> - static PyMemberDef PyCArgType_members[] = {
> diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
> index 5c5be0d78c..9d97050c66 100644
> --- a/gnu/packages/python.scm
> +++ b/gnu/packages/python.scm
> @@ -59,6 +59,7 @@
> ;;; Copyright © 2018 Vagrant Cascadian <vagrant@debian.org>
> ;;; Copyright © 2019 Tanguy Le Carrour <tanguy@bioneland.org>
> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
> +;;; Copyright © 2021 Greg Hogan <code@greghogan.com>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -533,19 +534,18 @@ data types.")
> (define-public python-3.9
> (package (inherit python-3.8)
> (name "python-next")
> - (version "3.9.1")
> + (version "3.9.2")
> (source (origin
> (method url-fetch)
> (uri (string-append "https://www.python.org/ftp/python/";
> version "/Python-" version ".tar.xz"))
> (patches (search-patches
> "python-3.9-fix-tests.patch"
> - "python-3.9-CVE-2021-3177.patch"
> "python-3-deterministic-build-info.patch"
> "python-3-search-paths.patch"))
> (sha256
> (base32
> - "1zq3k4ymify5ig739zyvx9s2ainvchxb1zpy139z74krr653y74r"))
> + "0z94vv5qhlwvcgc4sy9sdiqs0220s84wx3b62vslh5419z2k881w"))
> (modules '((guix build utils)))
> (snippet
> '(begin
> --
> 2.30.1